Set up authentication on a client side and send a JWT request

In order to make call to Virgil Services, for example, to publish user's Card on Virgil Cards Service you need to have a JSON Web Token ("JWT"). Virgil SDKs let you use Virgil token-generation functionality without having to know how they're constructed.

After a user installs Virgil SDK you'll need to set up jwtProvider for providing users with a JWT. You'll need to give your users a JWT that tells Virgil who they are and what they can do.

Requests to your app server must be authorized. You can use for this task any kind of authentication, for example, Google auth.

Set up JWT provider

Use these lines of code to specify which JWT generation source you prefer to use in your project:

Set up authentication on a server side and generate a JWT

A unique string value that identifies your account at the Virgil developer portal

API_KEY

A Private Key that is used to sign API calls to Virgil Services. For security, you will only be shown the API Private Key when the key is created. Don't forget to save it in a secure location for the next step

Next, you'll set up the JwtGenerator using the Virgil SDK.

You'll use your API Key that was created at Virgil Dashboard. For security purposes, you have to generate JWT on your server side.

Each JWT is granted access to a specific Application and has a limited lifetime that is configured by you. However, best practice is to generate JWT for the shortest amount of time feasible for your application.

As result, a user's Card will be published on the Virgil Cards Service, where it will be available at any time. The private keys stay on a user's devices.

Remember that each user can have as many Cards as he/she needs for various tasks. If you create more than one Card for a user, you can specify information about the previous Card when you create the next Card.

If you want to add an additional layer of security into your Card, you can sign a Card with an additional key, for example, with the private key of your application server. Thus, you can be sure that a user's Card wasn't replaced with another one on Virgil Cards Service.